Cybersecurity_Incident_and_Vulnerability_Response.pdf
1.1 MB
#BlueTeam
"Cybersecurity Incident & Vulnerability Response Playbooks
Operational Procedures for Planning and Conducting Cybersecurity Incident and Vulnerability Response Activities in FCEB Information Systems", 2021.
@BlueRedTeam
"Cybersecurity Incident & Vulnerability Response Playbooks
Operational Procedures for Planning and Conducting Cybersecurity Incident and Vulnerability Response Activities in FCEB Information Systems", 2021.
@BlueRedTeam
#RedTeam
1. Detecting a Container Escape with Cilium and eBPF
https://isovalent.com/blog/post/2021-11-container-escape
2. How to bypass reCaptcha V3 with Selenium Python
https://medium.com/analytics-vidhya/how-to-bypass-recaptcha-v3-with-selenium-python-7e71c1b680fc
@BlueRedTeam
1. Detecting a Container Escape with Cilium and eBPF
https://isovalent.com/blog/post/2021-11-container-escape
2. How to bypass reCaptcha V3 with Selenium Python
https://medium.com/analytics-vidhya/how-to-bypass-recaptcha-v3-with-selenium-python-7e71c1b680fc
@BlueRedTeam
Isovalent
Detecting a Container Escape with Tetragon and eBPF
Learn how to use Isovalent Cilium Enterprise observability to detect container escapes
#exploit
CVE-2021-30602:
Google Chrome WebRTC addIceCandidate UaF vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1348
@BlueRedTeam
CVE-2021-30602:
Google Chrome WebRTC addIceCandidate UaF vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1348
@BlueRedTeam
#RedTeam
1. TPM sniffing
https://blog.scrt.ch/2021/11/15/tpm-sniffing
2. Exploit para Apache Struts v2 (RCE)
https://github.com/andre3llo/apachestruts
@BlueRedTeam
1. TPM sniffing
https://blog.scrt.ch/2021/11/15/tpm-sniffing
2. Exploit para Apache Struts v2 (RCE)
https://github.com/andre3llo/apachestruts
@BlueRedTeam
GitHub
GitHub - 4ndreello/apachestruts: Apache Struts v2 exploit (RCE).
Apache Struts v2 exploit (RCE). Contribute to 4ndreello/apachestruts development by creating an account on GitHub.
#Threat_Research
Diving into Open-source LMS Codebases
https://starlabs.sg/blog/2021/11/diving-into-open-source-lms-codebases
@BlueRedTeam
Diving into Open-source LMS Codebases
https://starlabs.sg/blog/2021/11/diving-into-open-source-lms-codebases
@BlueRedTeam
#exploit
Seamlessly Discovering Netgear Universal Plug-and-Pwn (UPnP) 0-days (Netgear UPNP Stack Based Buffer Overflow)
https://blog.grimm-co.com/2021/11/seamlessly-discovering-netgear.html
@BlueRedTeam
Seamlessly Discovering Netgear Universal Plug-and-Pwn (UPnP) 0-days (Netgear UPNP Stack Based Buffer Overflow)
https://blog.grimm-co.com/2021/11/seamlessly-discovering-netgear.html
@BlueRedTeam
Hello friends
You can download Cybersecurity books here.
And various articles and Write ups
Link:
https://news.1rj.ru/str/joinchat/S7X_g5M43myDbccu
You can download Cybersecurity books here.
And various articles and Write ups
Link:
https://news.1rj.ru/str/joinchat/S7X_g5M43myDbccu
#exploit
1. CVE-2021-43617:
Bypass CRF
https://github.com/kombat1/CVE-2021-43617
2. Linux: UAF read: SO_PEERCRED
and SO_PEERGROUPS race with listen() (and connect())
https://bugs.chromium.org/p/project-zero/issues/detail?id=2230
3. CVE-2021-37580:
Apache ShenYu 2.3.0/2.4.0 authentication bypass
https://github.com/0x0021h/expbox/blob/main/cve-2021-37580-poc.py
@BlueRedTeam
1. CVE-2021-43617:
Bypass CRF
https://github.com/kombat1/CVE-2021-43617
2. Linux: UAF read: SO_PEERCRED
and SO_PEERGROUPS race with listen() (and connect())
https://bugs.chromium.org/p/project-zero/issues/detail?id=2230
3. CVE-2021-37580:
Apache ShenYu 2.3.0/2.4.0 authentication bypass
https://github.com/0x0021h/expbox/blob/main/cve-2021-37580-poc.py
@BlueRedTeam
GitHub
GitHub - kombat1/CVE-2021-43617: CVE-2021-43617 bypass CRF
CVE-2021-43617 bypass CRF. Contribute to kombat1/CVE-2021-43617 development by creating an account on GitHub.
#RedTeam
1. Google SSRF - URL whitelist bypass
https://feed.bugs.xdavidhu.me/bugs/0008
2. HTTP Request Smuggling due to ignoring chunk extensions
https://hackerone.com/reports/1238099
3. How I was able to revoke your Instagram 2FA
https://dhiyaneshgeek.github.io/web/security/2021/10/23/how-i-was-able-to-revoke-your-instagram-2fa
@BlueRedTeam
1. Google SSRF - URL whitelist bypass
https://feed.bugs.xdavidhu.me/bugs/0008
2. HTTP Request Smuggling due to ignoring chunk extensions
https://hackerone.com/reports/1238099
3. How I was able to revoke your Instagram 2FA
https://dhiyaneshgeek.github.io/web/security/2021/10/23/how-i-was-able-to-revoke-your-instagram-2fa
@BlueRedTeam
feed.bugs.xdavidhu.me
SSRF via URL whitelist bypass in a Google Cloud owned App Engine service
xdavidhu's bug bounty disclosures.
#tools
#BlueTeam
Microsoft Threat Intelligence Security Tools
for InfoSec defenders
https://github.com/microsoft/msticpy
@BlueRedTeam
#BlueTeam
Microsoft Threat Intelligence Security Tools
for InfoSec defenders
https://github.com/microsoft/msticpy
@BlueRedTeam
GitHub
GitHub - microsoft/msticpy: Microsoft Threat Intelligence Security Tools
Microsoft Threat Intelligence Security Tools. Contribute to microsoft/msticpy development by creating an account on GitHub.
دوستانی ک به
❗️ هک
❗️کرک
❗️مهندسی معکوس
❗️نتورک
❗️مباحث جنگ الکترونیک
❗️و ...
علاقه مندن، جوین بشن 👇 :
@ch4mr0sh 🦹
❗️ هک
❗️کرک
❗️مهندسی معکوس
❗️نتورک
❗️مباحث جنگ الکترونیک
❗️و ...
علاقه مندن، جوین بشن 👇 :
@ch4mr0sh 🦹
#RedTeam
1. Bypassing ModSecurity WAF
https://blog.h3xstream.com/2021/10/bypassing-modsecurity-waf.html
2. Finding a 0-Day Race Condition
https://www.mccormackcyber.com/post/finding-a-0-day-race-condition
@BlueRedTeam
1. Bypassing ModSecurity WAF
https://blog.h3xstream.com/2021/10/bypassing-modsecurity-waf.html
2. Finding a 0-Day Race Condition
https://www.mccormackcyber.com/post/finding-a-0-day-race-condition
@BlueRedTeam
H3Xstream
h3xStream's blog: Bypassing ModSecurity WAF
Being able to bypass Web Application Firewall (WAF) depends on your knowledge about their behavior. Here is a cool technique th...
#tools
#BlueTeam
A lightweight tool to quickly extract valuable information from the Active Directory environment for both attacking and defending
https://github.com/dev-2null/ADCollector
@BlueRedTeam
#BlueTeam
A lightweight tool to quickly extract valuable information from the Active Directory environment for both attacking and defending
https://github.com/dev-2null/ADCollector
@BlueRedTeam
GitHub
GitHub - dev-2null/ADCollector: A lightweight tool to quickly extract valuable information from the Active Directory environment…
A lightweight tool to quickly extract valuable information from the Active Directory environment for both attacking and defending. - dev-2null/ADCollector
برای دوستانی که علاقه مند به یاد گیری تست نفوذ هستند و در سطح مقدماتی هستند :
( هدف این کانال یاد دادن تست نفوذ شبکه هست . )
@Unique_exploit
( هدف این کانال یاد دادن تست نفوذ شبکه هست . )
@Unique_exploit
#tools
#RedTeam
1. Lsass NTLM Authentication Backdoor
https://github.com/kindtime/nosferatu
2. Cobalt Strike Aggressor Script that Performs
System/AV/EDR Recon
https://github.com/optiv/Registry-Recon
@BlueRedTeam
#RedTeam
1. Lsass NTLM Authentication Backdoor
https://github.com/kindtime/nosferatu
2. Cobalt Strike Aggressor Script that Performs
System/AV/EDR Recon
https://github.com/optiv/Registry-Recon
@BlueRedTeam
GitHub
GitHub - kindtime/nosferatu: Windows NTLM Authentication Backdoor
Windows NTLM Authentication Backdoor. Contribute to kindtime/nosferatu development by creating an account on GitHub.
#exploit
1. CVE-2021-42321:
Exchange Post-Auth RCE
https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398
2. CVE-2021-22053:
Spring Cloud Netflix Hystrix Dashboard
template resolution vulnerability
https://github.com/SecCoder-Security-Lab/spring-cloud-netflix-hystrix-dashboard-cve-2021-22053
@BlueRedTeam
1. CVE-2021-42321:
Exchange Post-Auth RCE
https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398
2. CVE-2021-22053:
Spring Cloud Netflix Hystrix Dashboard
template resolution vulnerability
https://github.com/SecCoder-Security-Lab/spring-cloud-netflix-hystrix-dashboard-cve-2021-22053
@BlueRedTeam
Gist
PoC of CVE-2021-42321: pop mspaint.exe on the target
PoC of CVE-2021-42321: pop mspaint.exe on the target - CVE-2021-42321_poc.py
#BlueTeam
1. Command injection prevention for Python
https://semgrep.dev/docs/cheat-sheets/python-command-injection
2. Defender’s Mindset
https://medium.com/@johnlatwc/defenders-mindset-319854d10aaa
@BlueRedTeam
1. Command injection prevention for Python
https://semgrep.dev/docs/cheat-sheets/python-command-injection
2. Defender’s Mindset
https://medium.com/@johnlatwc/defenders-mindset-319854d10aaa
@BlueRedTeam
semgrep.dev
Command Injection in Python | Semgrep
Cheat sheet for the prevention of Command Injection vulnerabilities for Python.
#exploit
CVE-2021-41379:
Windows installer LPE 0day
https://github.com/klinix5/InstallerFileTakeOver
@BlueRedTeam
CVE-2021-41379:
Windows installer LPE 0day
https://github.com/klinix5/InstallerFileTakeOver
@BlueRedTeam
#Threat_Research
1. Unauthenticated RCE against CommVault Command Center
https://srcincite.io/blog/2021/11/22/unlocking-the-vault.html
]-> PoC: https://srcincite.io/pocs/cve-2021-%7B34993,34996%7D.py.txt
2. A review of Microsoft Azure Sphere vulnerabilities
https://blog.talosintelligence.com/2021/11/a-review-of-azure-sphere.html?m=1
3. Exploiting the Qualcomm NPU (neural processing unit) kernel driver (CVE-2021-1940, CVE-2021-1968, CVE-2021-1969)
https://securitylab.github.com/research/qualcomm_npu
@BlueRedTeam
1. Unauthenticated RCE against CommVault Command Center
https://srcincite.io/blog/2021/11/22/unlocking-the-vault.html
]-> PoC: https://srcincite.io/pocs/cve-2021-%7B34993,34996%7D.py.txt
2. A review of Microsoft Azure Sphere vulnerabilities
https://blog.talosintelligence.com/2021/11/a-review-of-azure-sphere.html?m=1
3. Exploiting the Qualcomm NPU (neural processing unit) kernel driver (CVE-2021-1940, CVE-2021-1968, CVE-2021-1969)
https://securitylab.github.com/research/qualcomm_npu
@BlueRedTeam
CVE-2021
Python 3 noscript to identify CVE-2021-26084 via network requests.
URL:https://github.com/quesodipesto/conflucheck
@BlueRedTeam
Python 3 noscript to identify CVE-2021-26084 via network requests.
URL:https://github.com/quesodipesto/conflucheck
@BlueRedTeam
GitHub
GitHub - quesodipesto/conflucheck: Python 3 noscript to identify CVE-2021-26084 via network requests.
Python 3 noscript to identify CVE-2021-26084 via network requests. - quesodipesto/conflucheck